PEAP ntlm_auth strange behaviour

Jérémy Cluzel j.cluzel at online.fr
Fri Apr 7 20:23:18 CEST 2006


Hello,

I use FR 1.1.0 under FreeBSD 6.0.
I configured it for PEAP auth against a Windows 2003 AD through ntlm_auth
(Samba 3.0.21b).
Everything works fine, user auth, machine auth...

The problem is that for some obscure reasons, some users ("jpbrunain" in
this case) are unable to log in.
This problem concerns only 2 users out of 20... and I don't see
anything "special" concerning them on the 2003 AD...

As I saw in the radius.log, I got:
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.

Well, I know that the password typed was good. Moreover, if I run
"ntlm_auth --request-nt-key --domain=CHRT --username=jpbrunain" with the
good password, I get this message:
"NT_STATUS_OK: Success (0x0)"... So I think I have permission to
authenticate against AD.

I also tried:
"ntlm_auth --request-nt-key --username=jpbrunain --challenge=d8a9272386722a12"
This one succeeded after entering the good password.
and:
"ntlm_auth --request-nt-key --username=jpbrunain --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2"
That one failed, even with the good password... the error code returned
was: "Logon failure (0xc000006d)".

Where do these parameters (challenge and nt-response) come from? What
does it mean? How can I solve this?

Regards,

Jeremy
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060407/a3469c4c/attachment.ksh>
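
Added example, not part of the original post and not FreeRADIUS or Samba code: in MS-CHAPv2 (RFC 2759, RADIUS attributes per RFC 2548) the 8-byte challenge is the first 8 bytes of a SHA-1 over the client's and server's 16-byte challenges plus the user name, and the 24-byte NT-Response is the Response field the client sent. The function names are hypothetical and the sample input is the RFC 2759 section 9.2 test vector, not the values from the post.

```python
import hashlib

# RFC 2759 section 9.2 test vectors (sample input, not values from the post).
AUTH_CHALLENGE = bytes.fromhex("5b5d7c7d7b3f2f3e3c2c602132262628")  # server -> client
PEER_CHALLENGE = bytes.fromhex("21402324255e262a28295f2b3a337c7e")  # chosen by client
NT_RESPONSE = bytes.fromhex("82309ecd8d708b5ea08faa3981cd83544233114a3d85d6df")
USERNAME = "User"

# MS-CHAP2-Response value as laid out in RFC 2548:
# Ident(1) Flags(1) Peer-Challenge(16) Reserved(8) Response(24) = 50 bytes.
SAMPLE_RESPONSE_ATTR = bytes([0, 0]) + PEER_CHALLENGE + bytes(8) + NT_RESPONSE


def challenge_hash(peer: bytes, auth: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || username)."""
    if len(peer) != 16 or len(auth) != 16:
        raise ValueError("MS-CHAPv2 challenges must be 16 bytes each")
    return hashlib.sha1(peer + auth + username.encode("ascii")).digest()[:8]


def parse_ms_chap2_response(value: bytes) -> tuple[bytes, bytes]:
    """Return (peer_challenge, nt_response) from an MS-CHAP2-Response value."""
    if len(value) != 50:
        raise ValueError(f"expected 50 bytes, got {len(value)}")
    return value[2:18], value[26:50]


def ntlm_auth_values(auth: bytes, response_attr: bytes, username: str) -> dict:
    """Hex strings that correspond to --challenge and --nt-response."""
    peer, nt_response = parse_ms_chap2_response(response_attr)
    return {
        "challenge": challenge_hash(peer, auth, username).hex(),
        "nt_response": nt_response.hex(),
    }


if __name__ == "__main__":
    print(ntlm_auth_values(AUTH_CHALLENGE, SAMPLE_RESPONSE_ATTR, USERNAME))
    # The user name is hashed into the challenge, so a different spelling of
    # the name gives a challenge the client's NT-Response was not computed for.
    print(ntlm_auth_values(AUTH_CHALLENGE, SAMPLE_RESPONSE_ATTR, "EXAMPLE\\User"))
```

The NT-Response is only valid for the exact challenge it was computed over, so the two values have to come from the same exchange and the same user name string.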

